description of business continuity planning

• Search Search Please fill out this field.
• Business Continuity Plan Basics
• Understanding BCPs
• Benefits of BCPs
• How to Create a BCP
• BCP & Impact Analysis
• BCP vs. Disaster Recovery Plan

Frequently Asked Questions

• Business Continuity Plan FAQs

The Bottom Line

What is a business continuity plan (bcp), and how does it work.

Investopedia / Ryan Oakley

What Is a Business Continuity Plan (BCP)? 

A business continuity plan (BCP) is a system of prevention and recovery from potential threats to a company. The plan ensures that personnel and assets are protected and are able to function quickly in the event of a disaster.

Key Takeaways

• Business continuity plans (BCPs) are prevention and recovery systems for potential threats, such as natural disasters or cyber-attacks.
• BCP is designed to protect personnel and assets and make sure they can function quickly when disaster strikes.
• BCPs should be tested to ensure there are no weaknesses, which can be identified and corrected.

Understanding Business Continuity Plans (BCPs)

BCP involves defining any and all risks that can affect the company's operations, making it an important part of the organization's risk management strategy. Risks may include natural disasters—fire, flood, or weather-related events—and cyber-attacks . Once the risks are identified, the plan should also include:

• Determining how those risks will affect operations
• Implementing safeguards and procedures to mitigate the risks
• Testing procedures to ensure they work
• Reviewing the process to make sure that it is up to date

BCPs are an important part of any business. Threats and disruptions mean a loss of revenue and higher costs, which leads to a drop in profitability. And businesses can't rely on insurance alone because it doesn't cover all the costs and the customers who move to the competition. It is generally conceived in advance and involves input from key stakeholders and personnel.

Business impact analysis, recovery, organization, and training are all steps corporations need to follow when creating a Business Continuity Plan.

Benefits of a Business Continuity Plan

Businesses are prone to a host of disasters that vary in degree from minor to catastrophic. Business continuity planning is typically meant to help a company continue operating in the event of major disasters such as fires. BCPs are different from a disaster recovery plan, which focuses on the recovery of a company's information technology system after a crisis.

Consider a finance company based in a major city. It may put a BCP in place by taking steps including backing up its computer and client files offsite. If something were to happen to the company's corporate office, its satellite offices would still have access to important information.

An important point to note is that BCP may not be as effective if a large portion of the population is affected, as in the case of a disease outbreak. Nonetheless, BCPs can improve risk management—preventing disruptions from spreading. They can also help mitigate downtime of networks or technology, saving the company money.

How To Create a Business Continuity Plan

There are several steps many companies must follow to develop a solid BCP. They include:

• Business Impact Analysis : Here, the business will identify functions and related resources that are time-sensitive. (More on this below.)
• Recovery : In this portion, the business must identify and implement steps to recover critical business functions.
• Organization : A continuity team must be created. This team will devise a plan to manage the disruption.
• Training : The continuity team must be trained and tested. Members of the team should also complete exercises that go over the plan and strategies.

Companies may also find it useful to come up with a checklist that includes key details such as emergency contact information, a list of resources the continuity team may need, where backup data and other required information are housed or stored, and other important personnel.

Along with testing the continuity team, the company should also test the BCP itself. It should be tested several times to ensure it can be applied to many different risk scenarios . This will help identify any weaknesses in the plan which can then be corrected.

In order for a business continuity plan to be successful, all employees—even those who aren't on the continuity team—must be aware of the plan.

Business Continuity Impact Analysis

An important part of developing a BCP is a business continuity impact analysis. It identifies the effects of disruption of business functions and processes. It also uses the information to make decisions about recovery priorities and strategies.

FEMA provides an operational and financial impact worksheet to help run a business continuity analysis. The worksheet should be completed by business function and process managers who are well acquainted with the business. These worksheets will summarize the following:

• The impacts—both financial and operational—that stem from the loss of individual business functions and process
• Identifying when the loss of a function or process would result in the identified business impacts

Completing the analysis can help companies identify and prioritize the processes that have the most impact on the business's financial and operational functions. The point at which they must be recovered is generally known as the “recovery time objective.”

Business Continuity Plan vs. Disaster Recovery Plan

BCPs and disaster recovery plans are similar in nature, the latter focuses on technology and information technology (IT) infrastructure. BCPs are more encompassing—focusing on the entire organization, such as customer service and supply chain. 

BCPs focus on reducing overall costs or losses, while disaster recovery plans look only at technology downtimes and related costs. Disaster recovery plans tend to involve only IT personnel—which create and manage the policy. However, BCPs tend to have more personnel trained on the potential processes. 

Why Is Business Continuity Plan (BCP) Important?

Businesses are prone to a host of disasters that vary in degree from minor to catastrophic and business continuity plans (BCPs) are an important part of any business. BCP is typically meant to help a company continue operating in the event of threats and disruptions. This could result in a loss of revenue and higher costs, which leads to a drop in profitability. And businesses can't rely on insurance alone because it doesn't cover all the costs and the customers who move to the competition.

What Should a Business Continuity Plan (BCP) Include?

Business continuity plans involve identifying any and all risks that can affect the company's operations. The plan should also determine how those risks will affect operations and implement safeguards and procedures to mitigate the risks. There should also be testing procedures to ensure these safeguards and procedures work. Finally, there should be a review process to make sure that the plan is up to date.

What Is Business Continuity Impact Analysis?

An important part of developing a BCP is a business continuity impact analysis which identifies the effects of disruption of business functions and processes. It also uses the information to make decisions about recovery priorities and strategies.

FEMA provides an operational and financial impact worksheet to help run a business continuity analysis.

These worksheets summarize the impacts—both financial and operational—that stem from the loss of individual business functions and processes. They also identify when the loss of a function or process would result in the identified business impacts.

Business continuity plans (BCPs) are created to help speed up the recovery of an organization filling a threat or disaster. The plan puts in place mechanisms and functions to allow personnel and assets to minimize company downtime. BCPs cover all organizational risks should a disaster happen, such as flood or fire.  

Federal Emergency Management Agency. " Business Process Analysis and Business Impact Analysis User Guide ." Pages 15 - 17.

Ready. “ IT Disaster Recovery Plan .”

Federal Emergency Management Agency. " Business Process Analysis and Business Impact Analysis User Guide ." Pages 15-17.

• Terms of Service
• Editorial Policy
• Privacy Policy
• Your Privacy Choices

• eSignatures
• Product updates
• Document templates

Key strategic steps to create a resilient business continuity plan

Jenny Pak Director of Program Management at PandaDoc

Reviewed by:

Ashley Kemper VP of Revenue Marketing

• Copy Link Link copied

Based on a Forrester survey from 2019, unplanned downtime costs 35% more per minute than planned downtime.

From natural disasters to cyberattacks, the challenges are real, and the consequences are severe.

Companies are often unprepared for unplanned downtime, and their slow reaction causes a dramatic loss of productivity and money.

How can they prevent this?

This article unveils the answer: A business continuity plan (BCP) is a strategic shield against unforeseen adversities, helping companies withstand, adapt, and emerge stronger from disruptive challenges.

Key takeaways

• A well-crafted BCP empowers organizations to quickly recover and continue operations. It provides relevant recovery strategies and techniques to secure the survival and success of businesses.
• Whether you operate in fintech, healthcare, cloud services, or any other industry, a BCP is an essential tool for maintaining operations during unforeseen circumstances.
• Testing your continuity strategies offers an opportunity to fine-tune the BCP and address any issues that might only become apparent once the plan is put into practice.

What is a business continuity plan (BCP)?

A business continuity plan is a survival tool tailored to each organization’s natural course of operation.

This document merges comprehensive techniques in risk assessment and crisis management.

Companies employ BCPs to anticipate potential threats like pandemics, human error, and technological failures.

Not just recovery but prevention

A robust business continuity plan goes beyond the recovery process.

A BCP helps you foster a culture of preparedness within your organization.

While recovery focuses on responding after an event, preparedness plans for and mitigates risks before they escalate into crises.

For instance, hospitals must have backup generators and detailed protocols to ensure continuous patient treatment, even in blackout scenarios.

For online services, maintaining alternative server backup systems ensures seamless transactions and customer service even during unexpected system crashes.

This proactive approach ensures your team can either maintain or swiftly restore essential business functions during unexpected events.

What does a business continuity plan typically include?

Here’s a concise breakdown of the components you can expect to find within a robust BCP.

• Initial data and emergency contacts provide immediate access to critical contacts, ensuring swift communication during an incident.
• Revision management outlines how the plan is maintained and updated over time, ensuring its effectiveness.
• Purpose and scope define the plan’s objectives and what business areas it covers.
• Activation guidelines explain when and how to activate the BCP, ensuring a clear understanding of the plan’s implementation.
• Policy information incorporates organizational policies that directly impact business continuity and recovery efforts.
• Emergency response procedures detail the actions to be taken in the event of a disruption, ensuring an organized response.
• Scenario-specific procedures provide specific instructions for various scenarios, such as natural disasters, cyberattacks, or public health crises.
• Checklists and flow diagrams simplify complex processes and guide users through critical tasks.
• A glossary of terms defines technical or industry-specific terminology for clarity.
• Review and update schedule outlines regular assessments and revisions to maintain the plan’s relevance and effectiveness.

7 key steps to create a solid business continuity plan

Follow these actionable steps to create and implement a tailor-made BCP for your unique circumstances.

Step 1: Dive into the unknown to initiate risk assessment and business impact analysis (BIA)

Assess how much revenue could be lost during a specific disruption period.

In practice, this also involves analyzing historical data on incidents like natural disasters, cyberattacks, or supply chain disruptions.

A business impact analysis (BIA) helps you understand how those risks can specifically affect different areas of your business.

For instance, a local hospital identified a power outage as a potential risk.

A BIA helps them understand when and how many patients in the intensive care units could die if power goes down.

That’s where the emergency generators are supposed to kick in.

Answer these foundational business continuity questions to forge a robust BCP.

• Who’s in the line of fire? Who will be directly impacted by a business disruption, from customers and employees to suppliers and stakeholders?
• Who safeguards critical emergency contact information for top clients? Where’s your data center? Who holds a hard copy?
• When and how will you alert everyone?
• If phone lines go silent, what’s the backup plan? What are your alternative communication options?
• What risk management team members do you need for a swift recovery? How do you reach or relocate them when it matters most?
• What should be your first focus when restoring operations?
• What issues must be addressed within the first 24 to 48 hours?
• Does each team and department have their own BCP? Who’s the commander of each unit?
• For senior staff members, including the CEO, what’s the emergency succession plan?
• Which team members will step into emergency roles?
• Where will you convene when it’s time to strategize off-site?
• Who liaises with local emergency responders, from firefighters to police?
• Who are the key vendors, especially data backup providers?

Clearly state the objectives of the BIA to your employees that the knowledge acquired will help you allocate resources for effective continuity planning

Step 2: Stack rank your critical business functions

Assign a level of importance to the following departments or business processes:

• Customer service (ensuring client satisfaction)
• Order processing (critical for revenue)
• Supply chain management (maintaining product availability)
• Financial transactions (essential for cash flow)
• Regulatory compliance (to prevent legal issues)
• Backup equipment like desktops, laptops, and servers (to exclude workflow gaps)

Your critical business functions must remain uninterrupted.

You’ll want to ensure that your document management and security are robust during the continuity planning process.

For instance, document repository solutions allow you to keep all your documents in one place, making it easier to access critical documents when needed.

Moreover, these platforms provide enterprise-grade security , which is E-SIGN, UETA, and HIPAA compliant and backed by SOC 2 certification, offering the utmost confidence when dealing with sensitive data.

Step 3: Domain-specific cheat sheet: Key functions & strategies to keep them operational

• Review process documents and SOPs to understand departmental collaboration.
• Organize cross-functional brainstorming for diverse insights.
• Consult industry experts for broader, industry-specific continuity strategies.

Step 4: When every second counts — define tolerable delays for vital functions

Keeping all your critical functions running during a disruptive event isn’t always feasible.

That’s why you must define the maximum allowable downtime for these functions in your business continuity planning.

Engage with your stakeholders to understand their tolerance for disruptions and align your recovery time objectives (RTOs).

BCP industry-specific benchmarks and standards can provide valuable insights into what is considered an acceptable downtime within your sector.

Step 5: Marvel is not the sole hero to assemble Avengers — build your unstoppable continuity team

You can’t fight disasters alone.

Let’s zoom in on the key players that should always make up your continuity team.

• IT professionals’ expertise ensures the safety and accessibility of your sensitive data and systems, even after cyberattacks and hardware meltdowns.
• HR managers manage remote work setups, address staffing challenges, and maintain workforce morale.
• Risk assessment specialists’ insights guide the team in risk mitigation and emergency management strategies.
• Communication experts steer your company away from misinformation and share reliable data with stakeholders, customers, and the broader public.
• Security officers implement security measures in crisis situations. Should a breach happen, they manage a coordinated response to contain and mitigate the impact.
• Chief information officers (CIOs) align IT infrastructure with your BCP to keep data systems robust during disruptions. To preserve data integrity and accessibility, CIOs incorporate cloud platforms and data backup systems.

This squad is especially important during a crisis, as they will make real-time decisions to maintain the plan’s effectiveness.

Step 6: The alchemy of business continuity management doesn’t feel awkward anymore — craft a continuity plan that works

An actionable plan should provide step-by-step instructions, assign roles and responsibilities, establish clear communication protocols, and define each function’s RTOs.

Here’s an example of how you can craft your business continuity plan.

• Plan purpose

(Sample text)

“This Business Continuity Plan outlines procedures for [Company Name] to swiftly execute and recover business activities, minimizing disruptions during emergencies.”

• Potential threats

• Recovery team

• Crisis communication plan

• Relocation and recovery operations

• Review and testing

[Company Name] will set criteria for validating/testing the Continuity Plan, reviewing it every [time period] and conducting tests every [time period]. These tests will also serve as training for designated personnel. Testing methods include: [list the methods] .

• During or after a cyberattack, isolate affected servers by executing specific firewall rules (e.g., “iptables -A INPUT -s malicious_ip -j DROP”) and conduct a forensic analysis using tools like Volatility.
• Establish a communication protocol using encrypted channels (e.g., using the Signal app) for sensitive internal discussions.
• Utilize automated backup solutions like Bacula to streamline the recovery process.
• Leverage load balancing techniques for a seamless transition to backup servers, minimizing downtime and ensuring continuous service availability.

Step 7: Warriors are made, not born — put your BCP to the test and train your team

Without tests, you can’t know for sure how well your methods and continuity techniques will work.

You won’t reveal weaknesses and areas for improvement, either.

Gather your continuity team and engage in tabletop exercises that challenge their decision-making and response coordination.

Create detailed scenarios that mimic real-world disruptions like a cyberattack, natural disaster, or pandemic, and evaluate how the BCP performs under these conditions.

Perform gap analysis after each test to identify areas for improvement.

Regularly conduct security audits and penetration tests to find and rectify vulnerabilities before they can be exploited.

Cyberattacks are the worst enemy for any modern business without a BCP

Businesses without a BCP are exposed to cybersecurity threats, including data breaches, ransomware attacks, and system vulnerabilities.

These threats extend beyond financial implications, touching upon reputation damage, legal liabilities, and operational disturbances.

According to a Check Point Research survey , 50% more cyberattacks per week on corporate networks were reported in 2021 compared to 2020.

Another research reported ransomware damage expenses reached $20 billion back in 2021.

The cost is forecast to exceed a mind-blowing $265 billion in 2031.

A recent incident forced a gigantic Chinese bank to drive their portfolio/trading info across town in a USB drive as their “BCP.”

This clearly sets cyberattacks as one of the most relevant threats businesses of all sizes face.

Business continuity plan vs. disaster recovery plan

What is the difference between a business continuity plan and a disaster recovery plan (DRP)?

There’s none because a disaster recovery plan is a subset of a BCP. The devil is in the details.

A business continuity plan is your organization’s central shield against disruptions.

It’s your all-encompassing strategy to reduce downtime, minimize damage, and maintain your organization’s overall health.

Meanwhile, a DRP zooms in on your information technology infrastructure and data. It’s your insurance policy for digital assets.

Disaster recovery plans provide precise procedures for data backup, recovery, and system restoration in case of data-related cataclysms.

Together, they form an unbeatable hybrid to make your organization resilient and ready to tackle any challenges that come your way.

Don’t navigate this journey alone

In a world where disruptions are the norm, your BCP is a guardian against the unexpected.

PandaDoc is your dedicated partner, ready to facilitate your document automation and provide business continuity plan templates.

We offer the tools and expertise to help you build a robust BCP. No matter the disruption, we’re here to bolster your preparedness.

If you need professional advice, please don’t hesitate to drop us a line anytime you see fit.

PandaDoc is not a law firm, or a substitute for an attorney or law firm. This page is not intended to and does not provide legal advice. Should you have legal questions on the validity of e-signatures or digital signatures and the enforceability thereof, please consult with an attorney or law firm. Use of PandaDoc services are governed by our Terms of Use and Privacy Policy.

Related articles

Document templates 10 min

Sales 9 min

Document templates Marketing 11 min

Advisory boards aren’t only for executives. Join the LogRocket Content Advisory Board today →

• Product Management
• Solve User-Reported Issues
• Find Issues Faster
• Optimize Conversion and Adoption

How to craft an effective business continuity plan

Let me take you back in time to the United Kingdom in the 1970s. Punk music was gaining popularity, and the Sex Pistols entered the punk rock scene with the force of a shooting star, capturing fans’ attention.

But as quickly as they arrived, they quickly left the scene. When they broke up in 1978 after a period of internal conflicts, legal troubles, and their frontman’s imprisonment, fans were left both shocked and surprised.

Just like the Sex Pistols, plenty of companies experience rapid growth and success, only to face unexpected challenges and internal conflicts that result in their downfall.

In this article, we’ll draw inspiration from the Sex Pistols’ turbulent journey to explore the concept of business continuity planning (BCP). We’ll look at what a BCP is, why you need one and delve into the strategies and contingency measures that can help you maintain your rhythm and continuity, even when faced with the inevitable storms that can disrupt your operations.

What is a business continuity plan?

A business continuity plan describes how you’ll continue your business when disaster hits. It is a structured strategy outlining how your organization will maintain essential functions when disaster strikes, to ensure minimal downtime and guarantee that operations continue.

Why do you need a BCP in place?

The BCP is crucial and revolves around ensuring your resilience and ability to continue operating in the face of unexpected disruptions, such as natural disasters, cyberattacks, or other emergencies.

Let’s look at it a bit closer, and understand some of the key reasons to have a BCP better:

Minimize downtime

Protect revenue and reputation, compliance and legal requirements, resource allocation, maintain customer service, employee safety.

A BCP helps you minimize downtime. It does this by providing a structured approach to quickly recover and resume your critical business functions.

Example: You’re a retail company with an extensive online presence. If your website experiences a cyberattack that takes it offline, a well-prepared BCP outlines the steps to take to mitigate the attack, get your website back up in no time, and allow you to continue serving your customers.

No one likes disruptions as they result in revenue loss and can damage your reputation. A BCP helps you protect against financial losses and keep customer trust.

Example: You’re the owner of a restaurant chain with multiple locations and one of your branches has a food safety crisis. A BCP can guide you in managing the crisis, ensuring food safety compliance, and communicating effectively with customers to maintain trust in the brand and other locations.

Some industries, like the financial, and pharma industries, have regulatory requirements that mandate businesses to have BCPs in place. Failure to do so has legal and financial consequences.

Example: You’re the owner of a FinTech company. You are required by regulators to have robust BCPs to ensure customer data security and financial system stability.

When a crisis hits you need the right resources to get you back up and running. A BCP helps allocate resources effectively during a crisis, ensuring that personnel, equipment, and materials are used efficiently to address the most critical needs.

Over 200k developers and product managers use LogRocket to create better digital experiences

Example: You’re a manufacturing company hit by a sudden supply chain disruption because the Suez Canal is blocked again. You use your BCP to allocate available resources to meet customer demands and minimize production delays.

When all hell breaks loose you want to make sure customer experience takes a minimum blow. A BCP outlines measures to maintain customer service and communication, so customers receive timely updates and support.

Example: You run an airline and there is a labor strike. Your BCP tells you how to manage customer inquiries, rebook affected passengers, and maintain a level of service.

Let’s not forget about the well-being of your employees. During a crisis, this is a top priority. A BCP includes procedures for evacuations, remote work arrangements, and employee support.

Example: There is a fire at your workplace. The BCP outlines evacuation routes, assembly points, and contact information for employees to report their safety status.

Business continuity planning: Steps for success

That’s a lot of reasons, right? Now that we addressed the necessity and urgency of having BCP, let’s look at 5 steps to creating a successful one:

• Analyze your company
• Assess the risk
• Create the procedures
• Get the word out
• Iterate and improve

1. Analyze your company

In this phase you conduct an analysis to identify critical activities, determine which activities must continue, which can be temporarily paused, and which can operate at a reduced capacity.

You then assess the financial impact of disruptions. This involves asking yourself the question, “How long can I operate without generating revenue and incurring recovery costs?”

As this step covers your whole company, it’s important to get key stakeholders involved from the beginning.

2. Assess the risk

Now you have a good overview of your critical processes and the impact of disruption. At this point, pivot your attention to the risks they face, how well you can handle when things don’t work as usual, and how long you can manage if things go wrong.

The goal here is to understand what could go wrong and find ways to avoid, reduce, or transfer them. This assessment will help you strengthen your preparedness and resilience.

More great articles from LogRocket:

• How to implement issue management to improve your product
• 8 ways to reduce cycle time and build a better product
• What is a PERT chart and how to make one
• Discover how to use behavioral analytics to create a great product experience
• Explore six tried and true product management frameworks you should know
• Advisory boards aren’t just for executives. Join LogRocket’s Content Advisory Board. You’ll help inform the type of content we create and get access to exclusive meetups, social accreditation, and swag.

Think about risks specific to your industry and location

It’s important to consider both internal (e.g. an IT system failure or employee shortage) and external threats (e.g. a natural disaster or supply chain disruption) to your critical business activities.

3. Create the procedures

Once you analyze and assess, you need to create procedures.

Develop detailed, step-by-step procedures to minimize risks to your organization’s people, operations, and assets. This can include changes to your operating model, such as using alternative suppliers or implementing remote work options.

4. Get the word out

A plan is just a plan and no one will know how to act if you don’t communicate.

This step is all about communication. Integrate the BCP into your operations, policies, and company culture, and train, test, and communicate with your employees.

And don’t forget that communication is not limited to your company only. Communicate with external stakeholders, customers, suppliers, and so forth.

5. Iterate and improve

Before implementing your BCP ensure its effectiveness.

Don’t worry there are plenty more options to test your BCP. Consider involving external stakeholders or vendors as it makes exercises more realistic. Frequently train those who are accountable for executing the BCP.

After experiencing a real incident or conducting a training exercise, update your plan to improve its ability to protect your business. Keep in mind that both your organization’s development and the circumstances you operate in change, so a regular review isn’t a luxury but a necessity.

How to structure your continuity plan

Now you have a high-level understanding, let’s look at how to structure your business continuity plan.

You can find a copy of the template I use here .

Make sure to include the following sections in your BCP:

Version history

Executive summary, functions and process prioritization, plan activation, governance and responsibilities, recovery plans, crisis communication plan, emergency location and contents, review and testing.

This section shows the revision history. It includes the version numbers of the changes made, by whom, when, and who approved the changes. The revision history allows anyone reading the BCP to understand how it has evolved over time.

The executive summary provides a brief summary of the key objectives, goals, scope, and applicability of the BCP.

This chapter outlines the critical functions and processes in scope of continuation in case of a disastrous event.

This section refers to the risk and business impact assessment outcome. Its aim is to set out what triggers the activation of the plan.

Governance and responsibilities talks about who has to act when the BCP is activated. It includes the members, a description of their responsibilities, contact details of the BCP team, and the chain of command during a crisis.

This section builds upon the business continuity strategies, specifically the one chosen when a disaster occurs. It describes the detailed recovery plans for each critical function, the procedures for restarting operations, resource allocation, and recovery time objectives (RTOs).

Here you cover the internal and external communication strategies. You also address employee awareness and training activities.

Now there is a good chance the disaster will require your crucial activities to temporarily continue at a different location. This section covers all details about the location and what needs to be available at the location.

The BCP is to be tested to reduce the risk of missing things or even worse failing. Here jot down the testing procedures and document results and lessons learned.

This section includes all appendices. Think about the following

• Supporting documents, such as contact lists, maps, and technical specifications
• References to external standards, guidelines, or regulations
• Training programs for BCP team members
• Review of insurance policies
• Financial reserves and funding for recovery efforts
• Procedures for keeping the BCP documentation up to date

Business continuity plan example

Earlier this year, the Koninklijke Nederlands Voetbal Bond (KNVB), which is the Royal Dutch Football Association, was hit by ransomware. The cyberattackers threatened to share personally identifiable information captured and the KNVB paid over one million euros to avoid this from happening.

What could have been done to mitigate the ransomware attack risk?

The Risk of the attack to succeed could have been mitigated with:

• Regular data backups
• Segmentation of networks
• Intrusion detection systems

How to ensure business continuity in case of ransomware?

In response to the ransomware incident, and to allow for continued business as usual as soon as possible, steps could include:

• Isolating affected systems
• Activating backups
• Notifying law enforcement
• Engaging with a cybersecurity incident response team

Key takeaways

A business continuity plan (BCP) is like a safety net for your business when things go haywire. It helps you keep going, avoiding downtime, revenue loss, and reputation hits. On top of that, it’s a legal must in certain industries.

To make a solid BCP, just follow five steps: figure out what’s crucial for your business, spot the risks, plan how to bounce back, make sure everyone knows the plan, and keep fine-tuning it.

Structurally, your BCP should have sections like history, a quick guide, what’s most important, when to activate it, who’s in charge, the nitty-gritty recovery plans, how communication is done, where to go in a crisis, how to test the BCP works, and some extra info.

Featured image source: IconScout

LogRocket generates product insights that lead to meaningful action

Get your teams on the same page — try LogRocket today.

Share this:

• Click to share on Twitter (Opens in new window)
• Click to share on Reddit (Opens in new window)
• Click to share on LinkedIn (Opens in new window)
• Click to share on Facebook (Opens in new window)
• #collaboration and communication
• #project management

Stop guessing about your digital experience with LogRocket

Recent posts:.

Leader Spotlight: Removing opinions about what to build, with Keith Agabob

Keith Agabib shares examples of creating business cases from research, data, and consumer insights to remove opinions around what to build.

A guide to people management

People management refers to the task of managing, overseeing, and optimizing employees to drive a team towards achieving its goals.

Conducting a workshop for creating effective user stories

A user story workshop is where the whole product team and relevant stakeholders get together to build a shared understanding.

Leader Spotlight: Linking customer satisfaction metrics to business outcomes, with Darlene Miranda

Darlene Miranda discusses the importance of creating an obvious link between customer experience metrics and the business outcome.

Leave a Reply Cancel reply

+1 512-347-9300

Business Continuity Planning: Definition, Examples and How to Write One

The COVID-19 crisis caught organizations around the world by surprise and left companies scrambling to figure out how to keep their operations running while simultaneously supporting an entirely remote workforce and new business processes. A recent Business Continuity Survey by industry research firm Gartner showed that only 12% of organizations felt highly prepared for the impact of coronavirus. “This lack of confidence shows that many organizations approach risk management in an outdated and ineffective manner,” said Matt Shinkman, vice president in the Gartner Risk and Audit practice. “The best-prepared organizations will manage the disruption caused by the coronavirus far better than their less-prepared peers.”

Catastrophic events like the coronavirus pandemic are impossible to predict, so your organization must be prepared with a business continuity plan in advance. Not only does a business continuity plan help mitigate risks in a catastrophic event, but it also protects your employees and assets, ensuring that your business recovers as quickly as possible. Being ill-prepared for a crisis can be extremely costly to a company. Gartner estimates, on average, businesses lose $5,600 every minute during downtime , which equates to a range of $140,000–$540,000 per hour. In this blog, we explain the rationale for having a current and tested business continuity plan and provide tips for creating a business continuity program that protects your company in the event of a crisis.

What Is a Business Continuity Plan?

A business continuity plan (BCP) is a document that outlines procedures for maintaining operations, or quickly resuming operations, during an unplanned disruption, disaster or crisis. A BCP typically identifies key emergency responders and contains detailed instructions an organization must follow in the event of significant disruption.

Why You Need a Plan: 5 Types of Crises Your Business Could Face

A crisis can be any unforeseen occurrence that causes an unstable and dangerous situation for a company. Sooner or later, no matter the size or industry, all organizations will encounter some sort of crisis. Below are the five most common types of crises a business could face.

1. Financial crisis

A financial crisis occurs when a business loses value in its assets and the company owes significantly more money than it can reasonably pay. Typically, this occurs when there is a sudden shift in the market or a dramatic drop in demand for the company’s product or service. For example, a competitor that comes out with a similar but superior product with a cheaper base cost could cause the demand for your product to significantly drop, resulting in a considerable financial loss for your company. Financial crises directly result in a loss of value for a company and can undermine company confidence among employees, investors and customers.

2. System outages or downtime

Information technology (IT), as well as essential business applications and systems, are critical to day-to-day operations and keeping businesses running smoothly. Technological failures, cyberattacks, outages or security breaches can greatly hinder or completely shut down a company’s operations, resulting in enormous losses for the organization. Frequent news stories about data breaches illustrate how this type of risk is a growing concern for enterprise companies. IT outages and breaches can also result in a major hit to the product’s or service’s reputation.

3. Unplanned loss of key personnel

A personnel crisis occurs when an employee or a key individual who’s associated with an organization abruptly leaves the company due to health, misconduct or other unforeseen circumstances. The unplanned loss of key employees, particularly those in leadership roles, often has a lasting and negative impact on business performance. Additionally, if the employee’s departure is due to misconduct, the company may experience backlash and reputational damage if the offense is perceived as a reflection of the company’s culture. Social media has amplified the speed and scope of negative publicity from personnel misconduct.

4. Organizational misdeeds

An organizational misdeed occurs when a company’s management willingly and knowingly behaves in a manner that results in negative consequences for its shareholders, employees or customers. This type of crisis may include a company withholding vital information, exploiting employees, adopting misleading policies, abusing managerial powers or misrepresenting the company’s products or services. An automobile manufacturer that sells their latest model car with faulty brakes is an example of a company committing an organizational misdeed. Whether this misdeed was unintentional or planned, public knowledge of the misdeed will almost certainly result in reputational or financial damage for the company.

5. Natural disasters

A natural disaster is any cataclysmic phenomenon that negatively impacts a company, such as a volcano, an earthquake, flooding, a hurricane, a tornado, or an outbreak of a virus. Damages caused by these calamities are typically large in scale and may affect an entire area or industry or even the global economy. The recent COVID-19 pandemic is an example of a natural disaster that negatively affected economies, employees, and organizations around the world.

How to Write a Business Continuity Plan in 5 Steps

Creating a business continuity plan helps protect your assets and personnel and gives you the best chance of successfully navigating an unanticipated crisis. While no one is able to predict when and how devastating events will negatively impact their business, crisis management, is important as it helps you prepare for them in advance.

To begin brainstorming and drafting your business continuity plan, form a team composed of staff with in-depth knowledge of your business functions and processes. It’s especially important to include cross-functional representatives spanning IT, Human Resources and finance to determine what strategies and plans are viable.

For those who haven’t yet created a business continuity plan, you can follow the step-by-step instructions below. You may also want to use a business continuity plan template to help guide you in the drafting process.

Step 1: Conduct a business impact analysis

The first step in developing an organization-wide business continuity plan is conducting a business impact analysis  and risk assessment exercise. The initial review will identify threats to your organization and determine how each crisis will impact your business. Try to come up with an exhaustive list that includes obvious risks — like physical damage to your building due to extreme weather or a sudden shift in the market — as well as obscure threats, like an outbreak of a contagious virus. When determining operational time lost or delays due to a disaster or crisis, it’s important to account for the best- and worst-case scenarios. Once completed, you will want to quantify the financial impact each event could potentially have on your business so you can plan accordingly.

Step 2: Discuss recovery options

Your team should now discuss strategies for recovering from a crisis and the best way to restore business operations for each scenario. Include the required resources needed to execute an emergency response, each recovery option and how those resources should function. For damage to your physical buildings or to reduce the spread of a virus, implement a tech stack  and IT strategy that can support a remote workforce and keep your operations running outside the office.

Additionally, many third-party companies support business continuity and information technology recovery strategies for critical business functions. For IT outages and breaches, you may consider contracting a vendor specializing in data loss prevention services in advance. Depending upon the size of your organization and available resources, there may be many different recovery options that can be explored for each event.

Step 3: Refine your continuity plan

Now it’s time to map each crisis scenario with your recovery plans to narrow down the list to the best options. Decide which strategies will help your business recover as quickly as possible while keeping your employees and assets safe. While you’ll want to have plans for best- and worst-case scenarios, it’s essential to simplify the plans with easy-to-understand instructions. Remember, emergency responders and employees may need to implement these plans with just a moment’s notice when disaster strikes.

Step 4: Train your team

A great plan is only as good as its execution. That’s why it’s crucial that you educate and train your staff on how to respond to crises. First, identify key personnel who will be the first to assist and follow the business continuity plan in the event of an emergency. These employees should know their specific responsibilities and roles in the plan. While your designated emergency responders will need the most training, you should get your whole staff involved with the BCP, even if they are not directly affected. Embed continuity training into your company culture so all employees know how to respond to various scenarios and whom they should contact in an emergency.

Discussing the need for a business continuity culture, MHA Consulting’s Richard Long writes , “When an organization has a continuity culture, its employees constantly ask themselves the question: How do we ensure that this process, application or function will remain available (even in a degraded state) in case of a disaster?”

Step 5: Map out the transitional phase

Finally, map out the transitional phase to ease back into normal operations and work postcrisis. Determine what requirements need to be met before business operations can resume. If your physical building was damaged, what steps need to be completed before employees can safely return to the office? If a key individual who’s associated with your organization abruptly leaves due to misconduct, how will you communicate this with your employees and help them transition back into a normal workflow? The effects of some events may be extremely personal for your staff and extend far beyond the initial shock. It’s important to plan out different scenarios of how and when business operations can return to normal after a crisis.

Business Continuity Plan in the COVID-19 Era

The COVID-19 pandemic presents a serious threat to individuals, businesses and entire economies around the world. Many companies implemented mandatory work-from-home policies for their entire workforces to slow the spread of the virus. With the ongoing uncertainty surrounding coronavirus, organizations are now faced with a new challenge: how and when to return employees to the workplace safely. While your initial focus may be getting your employees back in the office, you must keep your employees’ safety, comfort and well-being in mind. Here are our five recommendations for business continuity management planning in the COVID-19 era.

1. Work toward a work-from-home + office hybrid model

Not all employees will be ready to return to the office after COVID-19 is suppressed. Some will need to continue to work from home for medical or personal reasons and therefore needs to be accounted for in your planning process. Other employees will be ready and eager to return to office life full-time or may want to continue to work remotely but commute into the office a few days every week. Consider instituting a hybrid work model with some employees working from the office and others working from home on either a permanent or rotating basis. This gives your staff the flexibility to work from wherever they are most comfortable and keeps everyone productive and engaged during this transitional phase. Decide what the business recovery point objective is and decide what works best for your team members; fully remote, hybrid work model, or the traditional office setting.

2. Build a tech stack that supports remote work

To support a distributed workforce made up of remote and in-office employees, you must invest in tools that enable seamless work and collaboration  regardless of your employees’ locations. Cloud-based technology allows employees to effectively work from anywhere they can connect to the internet. Productivity and collaboration no longer happen at a single office location. Delivered via the cloud, video conferencing , messaging apps and project management tools make it easier than ever before for distributed team members to meet, share ideas and seamlessly work together, even if they are not physically together.

3. Create a video-first culture

Employee satisfaction and happiness go hand in hand with a collaborative and inclusive culture. This is especially important when transitioning into a hybrid work model made up of remote and in-office workers. Remote employees should feel just as informed and included as their in-office colleagues. Create a video-first culture that places a priority on using video conferencing tools for all team meetings, as opposed to audio-only conference calls or text-based tools. The face-to-face interactions help teams with remote workers stay engaged during meetings and build collaborative and authentic relationships.

4. Reduce coronavirus transmission in the office

The best way to stop the spread of the virus in the workplace is to keep the germs out of the office in the first place. This starts with educating your workforce on the signs and symptoms of COVID-19 and encouraging employees to stay home if they feel sick. Additionally, employees should follow CDC guidelines for social distancing in the office and practice good hygiene by thoroughly washing their hands throughout the day. Workstations will need to be properly spaced apart and thoroughly disinfected and cleaned every day to reduce the spread of the virus.

5. Create a contingency strategy

Your business continuity plan for returning to work post-COVID-19 should include a contingency strategy in case there is an outbreak of the virus in the office. The key to a solid contingency strategy that quickly stops the spread of the virus is preparation and communication. Reach out to your staff immediately if an employee tests positive for the virus or comes into contact with an infected person. Employees should be able to start working remotely with short notice. This means employees will need to take their laptops and work home with them on a daily basis.

We rarely get advance notice that a catastrophic event is about to occur. Even with some lead time, multiple things can go wrong as the events unfold in unexpected ways. An effective business continuity plan is the best safety net for an organization facing a crisis. Even though costs and time are involved in creating the plan, a BCP is invaluable to your company. Well-thought-out and executed plans give your company the best chance of keeping your employees and assets safe while maintaining or restoring operations in a timely matter during a crisis.

Get stories like this in your inbox.

Improving the Video Conferencing Experience in the Era of Remote Work

In case you’ve been living under a rock for the past six months, it’s clear that remote work and distributed teams are here to stay, even after the pandemic recedes. While some workers will gradually find their way back to in-person (office or otherwise) workplace settings, this is just the on-ramp to the highway of working from anywhere for many others.

• Artificial Intelligence
• Generative AI
• Business Operations
• Cloud Computing
• Data Center
• Data Management
• Emerging Technology
• Enterprise Applications
• IT Leadership
• Digital Transformation
• IT Strategy
• IT Management
• Diversity and Inclusion
• IT Operations
• Project Management
• Software Development
• Vendors and Providers
• Enterprise Buyer’s Guides
• United States
• Middle East
• Italia (Italy)
• Netherlands
• United Kingdom
• New Zealand
• Foundry Careers
• Terms of Service
• Privacy Policy
• Cookie Policy
• Copyright Notice
• Member Preferences
• About AdChoices
• Your California Privacy Rights

Our Network

• Computerworld
• Network World

How to create an effective business continuity plan

A business continuity plan outlines procedures and instructions an organization must follow in the face of disaster, whether fire, flood, or cyberattack. here’s how to create a plan that gives your business the best chance of surviving such an event..

The tumultuous events of the past several years have impacted practically every business. And with the number of extreme weather events, cyberattacks, and geopolitical conflicts continuing to rise, business leaders are bracing for the possibility of increasingly more frequent impactful incidents their organizations will need to respond to.

According to PwC’s 2023 Global Crisis and Resilience Survey , 96% of 1,812 business leaders said their organizations had experienced disruption in the past two years and 76% said their most serious disruption had a medium to high impact on operations.

It’s little wonder then that 89% of executives list resilience as one of their most important strategic priorities.

Yet at the same time, only 70% of respondents said they were confident in their organization’s ability to respond to disruptions, with PwC noting that its research shows that too many organizations “are lacking the foundational elements of resilience they need to be successful.”

A solid business continuity plan is one of those foundational elements.

“Every business should have the mindset that they will face a disaster, and every business needs a plan to address the different potential scenarios,” says Goh Ser Yoong, head of compliance at Advance.AI and a member of the Emerging Trends Working Group at the professional governance association ISACA.

A business continuity plan gives the organization the best shot at successfully navigating a disaster by providing ready-made directions on who should do what tasks in what order to keep the business viable.

Without such as a plan, the organization will take longer than necessary to recover from an event or incident — or may never recover at all.

What is a business continuity plan?

A business continuity plan (BCP) is a strategic playbook created to help an organization maintain or quickly resume business functions in the face of disruption, whether that disruption is caused by a natural disaster, civic unrest, cyberattack, or any other threat to business operations.

A business continuity plan outlines the procedures and instructions that the organization must follow during such an event to minimize downtime, covering business processes, assets, human resources, business partners, and more.

A business continuity plan is not the same as a disaster recovery plan , which focuses on restoring IT infrastructure and operations after a crisis. Still, a disaster recovery plan is part of the overall strategy to ensure business continuity, and the business continuity plan should inform the action items detailed in an organization’s disaster recovery plan. The two are tightly coupled, which is why they often are considered together and abbreviated as BCDR.

Why business continuity planning matters

Whether you operate a small business or a large corporation, it’s vital to retain and increase your customer base. There’s no better test of your capability to do so than right after an adverse event.

Because restoring IT is critical for most companies, numerous disaster recovery solutions are available. You can rely on IT to implement those solutions. But what about the rest of your business functions? Your company’s future depends on your people and processes. Being able to handle any incident effectively can have a positive effect on your company’s reputation and market value, and it can increase customer confidence.

Moreover, there are increasing consumer and regulatory expectations for both enterprise security and continuity today. Consequently, organizations must prioritize continuity planning to prevent not only business losses, but financial, legal, reputational, and regulatory consequences.

For example, the risk of having an organization’s “license to operate” withdrawn by a regulator or having conditions applied (retrospectively or prospectively) can adversely affect market value and consumer confidence.

Building (and updating) a business continuity plan

Whether building the organization’s first business continuity plan or updating an existing one, the process involves multiple essential steps.

Assess business processes for criticality and vulnerability: Business continuity planning “starts with understanding what’s most important to the business,” says Joe Nocera, principle in the cyber risk and regulatory practice at PwC, a professional services firm.

So the first step in building your business continuity plan is assessing your business processes to determine which are the most critical; which are the most vulnerable and to what type of events; and what are the potential losses if those processes go down for a day, a few days, or a week.

“This step essentially determines what you are trying to protect and what you are trying to keep up for systems,” says Todd Renner, senior managing director in the cybersecurity practice at FTI Consulting.

This assessment is more demanding than ever before because of the complexity of today’s hybrid workplace, the modern IT environment, and the reliance on business partners and third-party providers to perform or support critical processes.

Given that complexity, Goh says a thorough assessment requires an inventory of not only key processes but also the supporting components — including the IT systems, networks, people, and outside vendors — as well as the risks to those components.

This is essentially a business impact analysis.

Determine your organization’s RTO and RPO: The next step in building a business continuity plan is determining the organization’s recovery time objective (RTO), which is the target amount of time between point of failure and the resumption of operations, and the recovery point objective (RPO), which is the maximum amount of data loss an organization can withstand.

Each organization has its own RTO and RPO based on the nature of its business, industry, regulatory requirements, and other operational factors. Moreover, different parts of a business can have different RTOs and RPOs, which executives need to establish, Nocera says.

“When you meet with individual aspects of the business, everyone says everything [they do] is important; no one wants to say their part of the business is less critical, but in reality you have to have those challenging conversations and determinations about what is actually critical to the business and to business continuity,” he adds.

Detail the steps, roles, and responsibilities for continuity: Once that is done, business leaders should use the RTO and the RPO, along with the business impact analysis, to determine the specific tasks that need to happen, by whom, and in what order to ensure business continuity.

“It’s taking the key components of your analysis and designing a plan that outlines roles and responsibilities, about who does what. It gets into the nitty-gritty on how you’re going to keep the company up and running,” Renner explains.

One common business continuity planning tool is a checklist that includes supplies and equipment, the location of data backups and backup sites, where the plan is available and who should have it, and contact information for emergency responders, key personnel, and backup site providers.

Although the list of possible scenarios that could impact business operations can seem extensive, Goh says business leaders don’t have to compile an exhaustive list of potential incidents. Rather, they should compile a list that includes likely incidents as well as representative ones so that they can create responses that have a higher likelihood of ensuring continuity even when faced with an unimagined disaster.

“So even if it’s an unexpected event, they can pull those building blocks from the plan and apply them to the unique crisis they’re facing,” Nocera says.

The importance of testing the business continuity plan

Devising a business continuity plan is not enough to ensure preparedness; testing and practicing are other critical components.

Renner says testing and practicing offer a few important benefits.

First, they show whether or how well a plan will work.

Testing and practicing help prepare all stakeholders for an actual incident, helping them build the muscle memory needed to respond as quickly and as confidently as possible during a crisis.

They also help identify gaps in the devised plan. As Renner says: “Every tabletop exercise that I’ve ever done has been an eye-opener for everyone involved.”

Additionally, they help identify where there may be misalignment of objectives. For example, executives may have deprioritized the importance of restoring certain IT systems only to realize during a drill that those are essential for supporting critical processes.

Types and timing of tests

Many organizations test a business continuity plan two to four times a year. Experts say the frequency of tests, as well as reviews and updates, depends on the organization itself — its industry, its speed of innovation and transformation, the amount of turnover of key personnel, the number of business processes, and so on.

Common tests include tabletop exercises , structured walk-throughs, and simulations. Test teams are usually composed of the recovery coordinator and members from each functional unit.

A tabletop exercise usually occurs in a conference room with the team poring over the plan, looking for gaps and ensuring that all business units are represented therein.

In a structured walk-through, each team member walks through his or her components of the plan in detail to identify weaknesses. Often, the team works through the test with a specific disaster in mind. Some organizations incorporate drills and disaster role-playing into the structured walk-through. Any weaknesses should be corrected and an updated plan distributed to all pertinent staff.

Some experts also advise a full emergency evacuation drill at least once a year.

Meanwhile, disaster simulation testing — which can be quite involved — should still be performed annually. For this test, create an environment that simulates an actual disaster, with all the equipment, supplies and personnel (including business partners and vendors) who would be needed. The purpose of a simulation is to determine whether the organization and its staff can carry out critical business functions during an actual event.

During each phase of business continuity plan testing, include some new employees on the test team. “Fresh eyes” might detect gaps or lapses of information that experienced team members could overlook.

Reviewing and updating the business continuity plan should likewise happen on an ongoing basis.

“It should be a living document. It shouldn’t be shelved. It shouldn’t be just a check-the-box exercise,” Renner says.

Otherwise, plans go stale and are of no use when needed.

Bring key personnel together at least annually to review the plan and discuss any areas that must be modified.

Prior to the review, solicit feedback from staff to incorporate into the plan. Ask all departments or business units to review the plan, including branch locations or other remote units.

Furthermore, a strong business continuity function calls for reviewing the organization’s response in the event of an actual event. This allows executives and their teams to identify what the organization did well and where it needs to improve.

How to ensure business continuity plan support, awareness

One way to ensure your plan is not successful is to adopt a casual attitude toward its importance. Every business continuity plan must be supported from the top down. That means senior management must be represented when creating and updating the plan; no one can delegate that responsibility to subordinates. In addition, the plan is likely to remain fresh and viable if senior management makes it a priority by dedicating time for adequate review and testing.

Management is also key to promoting user awareness. If employees don’t know about the plan, how will they be able to react appropriately when every minute counts?

Although plan distribution and training can be conducted by business unit managers or HR staff, have someone from the top kick off training and punctuate its significance. It’ll have a greater impact on all employees, giving the plan more credibility and urgency.

Related content

Ai poised to replace entry-level positions at large financial institutions, tractor supply enlists ai to deliver ‘legendary’ customer service, 10 highest-paying it skills for 2024, an intro to innovation in the u.s. government, from our editors straight to your inbox, show me more, ai at the retail edge: what’s new, and what’s coming soon.

How technology is shaping education in Saudi Arabia

Oracle makes its pitch for the enterprise cloud. Should CIOs listen?

CIO Leadership Live UK with The Zensory Co-founders

CIO Leadership Live Australia with Scott Andrews, Chief Operating Officer, Idea Science

Eaton CIO Katrina Redmond on optimizing AI and digital services

3 Leadership Tips: Giovanni Pizzoferrato, CTO, Kinaxis

3 Leadership Tips: Adam Ennamli, Chief Risk Officer, General Bank of Canada

Home  >  Learning Center  >  Business continuity planning (BCP)  

Article's content

Business continuity planning (bcp), what is business continuity.

In an IT context, business continuity is the capability of your enterprise to stay online and deliver products and services during disruptive events, such as natural disasters, cyberattacks and communication failures.

The core of this concept is the business continuity plan — a defined strategy that includes every facet of your organization and details procedures for maintaining business availability.

Start with a business continuity plan

Business continuity management starts with planning how to maintain your critical functions (e.g., IT, sales and support) during and after a disruption.

A business continuity plan (BCP) should comprise the following element

1. Threat Analysis

The identification of potential disruptions, along with potential damage they can cause to affected resources. Examples include:

2. Role assignment

Every organization needs a well-defined chain of command and substitute plan to deal with absence of staff in a crisis scenario. Employees must be cross-trained on their responsibilities so as to be able to fill in for one another.

Internal departments (e.g., marketing, IT, human resources) should be broken down into teams based on their skills and responsibilities. Team leaders can then assign roles and duties to individuals according to your organization’s threat analysis.

3. Communications

A communications strategy details how information is disseminated immediately following and during a disruptive event, as well as after it has been resolved.

Your strategy should include:

• Methods of communication (e.g., phone, email, text messages)
• Established points of contact (e.g., managers, team leaders, human resources) responsible for communicating with employees
• Means of contacting employee family members, media, government regulators, etc.

From electrical power to communications and data, every critical business component must have an adequate backup plan that includes:

• Data backups to be stored in different locations. This prevents the destruction of both the original and backup copies at the same time. If necessary, offline copies should be kept as well.
• Backup power sources, such as generators and inverters that are provisioned to deal with power outages.
• Backup communications (e.g., mobile phones and text messaging to replace land lines) and backup services (e.g., cloud email services to replace on-premise servers).

Load balancing business continuity

Load balancing  maintains business continuity by distributing incoming requests across multiple backend servers in your data center. This provides redundancy in the event of a server failure, ensuring continuous application uptime.

In contrast to the reactive measures used in failover and  disaster recovery  (described below) load balancing is a preventative measure.  Health monitoring  tracks server availability, ensuring accurate load distribution at all times—including during disruptive events.

Disaster recovery plan (DCP) – Your second line of defense

Even the most carefully thought out business continuity plan is never completely foolproof. Despite your best efforts, some disasters simply cannot be mitigated. A disaster recovery plan (DCP) is a second line of defense that enables you to bounce back from the worst disruptions with minimal damage.

As the name implies, a disaster recovery plan deals with the restoration of operations after a major disruption. It’s defined by two factors: RTO and  RPO .

• Recovery time objective (RTO)  – The acceptable downtime for critical functions and components, i.e., the maximum time it should take to restore services. A different RTO should be assigned to each of your business components according to their importance (e.g., ten minutes for network servers, an hour for phone systems).
• Recovery point objective (RPO)  – The point to which your state of operations must be restored following a disruption. In relation to backup data, this is the oldest age and level of staleness it can have. For example, network servers updated hourly should have a maximum RPO of 59 minutes to avoid data loss.

Deciding on specific RTOs and RPOs helps clearly show the technical solutions needed to achieve your recovery goals. In most cases the decision is going to boil down to choosing the right failover solution.

See how Imperva Load Balancer can help you with business continuity planning.

Choosing the right failover solutions

Failover  is the switching between primary and backup systems in the event of failure, outage or downtime. It’s the key component of your disaster recovery and business continuity plans.

A failover system should address both RTO and RPO goals by keeping backup infrastructure and data at the ready. Ideally, your failover solution should seamlessly kick in to insulate end users from any service degradation.

When choosing a solution, the two most important aspects to consider are its technological prowess and its service level agreement (SLA). The latter is often a reflection of the former.

For an IT organization charged with the business continuity of a website or web application, there are three failover options:

• Hardware solutions  – A separate set of servers, set up and maintained internally, are kept on-premise to come online in the event of failure. However, note that keeping such servers at the same location makes them potentially susceptible to being taken down by the same disaster/disturbance.
• DNS services  – DNS services are often used in conjunction with hardware solutions to redirect traffic to a backup server(s) at an external data center. A downside of this setup includes  TTL-related delays  that can prevent seamless disaster recovery. Additionally, managing both DNS and internal data center hardware failover solutions is time consuming and complicated.
• On-edge services  – On-edge failover is a managed solution operating from off-prem (e.g., from the  CDN  layer). Such solutions are more affordable and, most importantly, have no TTL reliance, resulting in near-instant failover that allows you to meet the most aggressive RTO goals.

Latest Blogs

• Industry Perspective

Lynne Murray

Apr 2, 2024 3 min read

Brian Robertson

Mar 11, 2024 4 min read

Feb 28, 2024 5 min read

, Paul Steen

Feb 26, 2024 5 min read

, Shiri Margel

Dec 1, 2023 5 min read

Latest Articles

• Regulation & Compliance

621.4k Views

197.4k Views

42.3k Views

40.7k Views

39.9k Views

35.9k Views

29.8k Views

Protect Against Business Logic Abuse

Identify key capabilities to prevent attacks targeting your business logic

The 10th Annual Bad Bot Report

The evolution of malicious automation over the last decade

The State of Security Within eCommerce in 2022

Learn how automated threats and API attacks on retailers are increasing

Prevoty is now part of the Imperva Runtime Protection

Protection against zero-day attacks

No tuning, highly-accurate out-of-the-box

Effective against OWASP top 10 vulnerabilities

An Imperva security specialist will contact you shortly.

Top 3 US Retailer

The Backbone of Resilient Organizations: Demystifying Business Continuity

What is business continuity.

No matter what business you’re in, unexpected disruptions can happen. Outages, natural disasters, supply chain failures, cyber incidents, equipment failures, and other physical and technical issues can all disrupt your ability to function and thrive.

To ensure your business is ready for unexpected events, you need to know what to do when things go wrong—and this is where business continuity comes in. Read on to learn more about business continuity, including disaster recovery, and what to include in your business continuity plan. Also, find out about business continuity management and business continuity solutions.

What is business continuity and why is it important?

Business continuity is an organization’s readiness to continue functioning during times of disruption. Business continuity is important because it reduces the potential impact of a disruption on customers, employees, and partners.

Having a business continuity plan (BCP)—which includes the analysis, technology, documentation, training, key team members, and procedures involved in resolving potential crisis situations—is vital for ensuring business continuity. A BCP includes goals focused on minimizing the potential impact of a crisis on a company’s financials and reputation—and maintaining industry, regional, and global compliance standards and regulations.

What’s the difference between business continuity and disaster recovery?

While business continuity and disaster recovery are often used interchangeably, they’re not the same thing.

Disaster recovery is a key part of a business continuity plan and is focused specifically on systems, data, and IT infrastructures. It includes technology, strategies, and processes for saving, restoring, and recovering data and protecting against cyber threats.

For a BCP to be successful in reducing downtime, mitigating risks, and remediating issues like data loss and corruption, disaster recovery measures are crucial. While both involve processes, people, and technology, business continuity offers a much wider scope to encompass the steps necessary for maintaining operations across every part of a business.

What should be included in a business continuity plan?

There are three components of a business continuity plan to consider:

• Resilience—developing business functions and infrastructures to be prepared for an unexpected situation.
• Recovery—setting up backup and recovery solutions for your applications, systems, and networks; determining what systems should be prioritized in the event of a disaster; and choosing a third-party vendor for additional help and resources if necessary.
• Contingency—creating steps for what to do if a disruption occurs. This includes setting up a chain of command with key people and defining their responsibilities when it comes to communication, technology, third-party contracting, and coordinating temporary spaces. Keep these in mind at every step in the planning process to help ensure your BCP covers the full scope of your business.

With these three key components in mind, take the following steps to start building your business continuity plan:

• Run a business impact analysis (BIA), which examines your current business functions, processes, and technology. An analysis will uncover potential vulnerabilities, risks, and threats you might encounter. Doing so helps identify areas of improvement and what to prioritize. After an analysis, you may consider making additional technology investments as well.
• Outline and assign responsibilities for who will delegate, act, and support in the event of a crisis. These individuals will execute any necessary steps, be points of contact, gather resources, and guide efforts to minimize downtime for affected business functions.
• Determine alternative forms of communication in case your standard means of communication are impacted by an outage or downtime.
• Prepare backup equipment in case of damage or outages to prevent business-critical functions from stopping.
• Understand and follow business continuity standards, which are legal and regulatory requirements determined for an industry. These are helpful when determining what steps you need to take in scenarios such as a breach or data loss. Creating a plan isn’t the last step—to make business continuity an important part of your organization, you also need business continuity management.

What is business continuity management?

Business continuity management includes the processes you put in place to set up and maintain your business continuity plan. It should include the following:

• Creating policies that define the scope, objectives, and principles of business continuity. These should always keep the customer in mind to ensure you’ve documented what business-critical functions may impact customers and who is involved in customer service communication in the event of an outage or disruption.
• Assembling business continuity teams throughout your organization who can communicate and enforce policies and procedures that are put in place. These employees will take part in ongoing reviews and tests to make sure everything and everyone is properly prepared for an incident.
• Supporting a culture of business continuity by educating your entire organization about risks, policies, and documentation available. Offering ongoing training is an important way to increase awareness and gather data to see if there are any gaps or areas in need of improvement.
• Maintaining up-to-date compliance standards and best practices to make sure your processes, workflows, and employees all work within the correct industry standards as they relate to data. If a business doesn’t keep up and an unexpected disruption occurs, there’s the risk of increased financial damages, legal costs, and fines.

Keeping track of all the continuously developing parts of a business continuity plan can be daunting for a growing organization. To reduce the time and effort involved, many businesses invest in business continuity solutions.

What kind of business continuity solutions should I consider?

The business continuity solutions you choose should be based on your organization’s needs. Depending on the industry you’re in, the size of your company, and your business-critical functions, you’ll find a range of software and resources available. These options include:

• Cloud-based storage solutions, which provide a secure, remote location to back up and run workflows and applications, as well as store data. If there’s a breach or error causing data loss, you can access what you need from the cloud.
• Backup and recovery tools for making copies of the data, applications, and systems within your IT infrastructure. If anything is deleted, corrupted, or shut down during a disruption, you can restore them and minimize downtime. These solutions offer different options for running backups, including automatically on a schedule, instantly, or as needed.
• Virtualization tools that replicate environments and workspaces. If there’s an outage or device issues, employees can still access their applications and run processes as normal, reducing downtime that may affect services.
• Contracts with third-party providers, such as disaster-recovery-as-a-service (DRaaS) and backup-as-a-service. Based on your agreement, a provider can run data backups, host your IT infrastructure, and offer support in the event of a disaster. These services are typically offered with a subscription or a pay-as-you-use model and include support from IT and cybersecurity experts.
• Unified communication tools to support collaboration across your entire organization. With one platform for connecting frontline workers, customer service agents, and other key members of your continuity teams, it’s easier to keep everyone up to date on disruptions and manage shifts and schedules to make sure the right people are available.

Business continuity should be a priority for any growing business looking to ensure the safety and security of their employees, technology, and data. To support the planning process, there are several solutions available to make business continuity planning easier. Though you can’t predict or prevent every disruption, with the right tools, a solid plan, and an educated team, business continuity can save you time, money, and resources across your organization.

Learn more • Developing your business continuity plan • Business continuity and disaster recovery

About the author

Get started with Microsoft 365

It’s the Office you know, plus the tools to help you work better together, so you can get more done—anytime, anywhere.

Business Insights and Ideas does not constitute professional tax or financial advice. You should contact your own tax or financial professional to discuss your situation..

• Skip to content
• Skip to search
• Skip to footer

What Is Business Continuity?

Business continuity is an organization's ability to maintain or quickly resume acceptable levels of product or service delivery following a short-term event that disrupts normal operations. Examples of disruptions range from natural disasters to power outages.

• Watch video (1:14)
• Business continuity

Contact Cisco

• Get a call from Sales

Call Sales:

• 1-800-553-6387
• US/CAN | 5am-5pm PT
• Product / Technical Support
• Training & Certification

Is business continuity the same as business resilience or disaster recovery?

Business continuity, disaster recovery, and business resilience are not the same, but they are related.

• Business continuity is a process-driven approach to maintaining operations in the event of an unplanned disruption such as a cyber attack or natural disaster. Business continuity planning covers the entire business—processes, assets, workers, and more. It isn't focused solely on IT infrastructure and business systems.
• Business resilience encompasses crisis management and business continuity. It requires a response to all types of risk that an organization may face. An organization that is business resilient is essentially in a constant state of "expecting the unexpected." It means continuously preparing to meet disruptions head-on, including events of extended duration that may affect more than one facility or region.
• Disaster recovery focuses specifically on how to restore an enterprise's IT infrastructure and business systems following a disruption. It is considered an element of business continuity. A business continuity plan (BCP) might contain several disaster recovery plans, for example.

What is a business continuity strategy?

A business continuity strategy is a summary of the mitigation, crisis, and recovery plans to be implemented after a disruption to resume normal operations. "Business continuity strategy" is often used interchangeably with "business continuity plan." Both consider the broader goals, legal and regulatory requirements, personnel, and even the business's clients and partners.

What does a business continuity plan mitigate?

A relevant and well-tested BCP can help ease the negative impacts of an unexpected business disruption in many ways.

• Financial impact: Disruptions to product supply chains and critical services to customers can directly affect sales and revenue. Downtime caused by unplanned disruptions can also result in higher costs for a business as it looks to repair operations and mitigate previously unidentified threats.
• Reputation and brand impact: Failure to resume operations quickly and supply customers with the products or services they expect can prompt customer defections and tarnish the brand. Damage to reputation can in turn cause investors and capital sources to pull back funding, exacerbating the financial impact of a business disruption.
• Regulatory impact: Customers and vendors are likely to complain when businesses fail to respond appropriately to disruptions, which may result in regulatory scrutiny or even censure. In highly-regulated industries, such as energy and financial services, business continuity planning is mandatory to ensure regulatory compliance.

Business continuity planning activities

A well-crafted and tested BCP can go a long way toward helping a business recover swiftly from a disruption. These are key steps a business may want to take.

Identifying critical business areas and functions

Business continuity planning begins with identifying an organization's key business areas and the critical functions within those areas. A business needs to determine and document the acceptable downtime for each area and function considered vital to operations. Then a plan to restore operations can be established, documented, and communicated.

Analyzing risks, threats, and potential impacts

Creating appropriate response scenarios requires knowing what disruptions the business could experience. An upfront analysis of risks and threats is necessary in order to prepare contingency responses to events. Organizations can also conduct a back-end analysis after an event to gather metrics and assess lessons learned. This information can drive improvements in how the business responds to disruptions.

Outlining and assigning responsibilities

A BCP details which personnel will be responsible for implementing specific aspects of the plan. It also identifies key decision-makers and a chain of command. The plan should include alternative options in case primary personnel are incapacitated or unavailable to respond to the disruption.

Defining and documenting alternatives

A business continuity plan should define and document alternative communication strategies in case telephone services or the internet are down. Enterprises should also have alternatives for mission-critical spaces such as data centers or manufacturing facilities in case buildings are damaged.

Assessing the need for critical backups

Essential equipment may be damaged or unavailable during a disruptive event. A business should consider whether it has access to backup equipment and uninterruptible power supplies (UPS) during extended power outages. Business-critical data needs to be backed up regularly, and is mandatory in many regulated industries.

Testing, training, and communication

Business continuity plans need to be tested to ensure they will be effective. (Disaster recovery plans should be tested as well.) A best practice is to conduct a plan review at least quarterly with leadership and key team members who are responsible for executing the plan.

Many companies use role-playing sessions, simulations, and other types of exercises several times per year to test their BCPs. This approach helps to identify gaps, develop strategies for improvement, and determine if more resources are needed. Targeted staff training and communicating to the whole workforce the benefits of having a business continuity plan are also vital to its success.

Related products and solutions

• Cisco Webex Contact Center
• Virtual Desktop Infrastructure (VDI)
• Cisco Intersight Workload Optimizer
• AppDynamics Application Performance Management
• ThousandEyes End User Monitoring
• ThousandEyes Endpoint Agents

You may also like…

• Cisco’s Business Resiliency Strategy
• Business Continuity Blogs
• Business Continuity Planning

Crafting Stellar Job Descriptions for Business Continuity Planning Professionals

Explore diverse and comprehensive job description examples that cater to job description examples for Business Continuity Planners. Elevate your hiring process with compelling JD tailored to your organization's needs

In the realm of Business Continuity Planning, creating comprehensive and effective job descriptions (JDs) is paramount to attract top talents and secure the best fit for the organization. In this article, we'll delve into the essential elements of crafting compelling JDs for Business Continuity Planners, providing practical examples, dos and don'ts, and a step-by-step guide for creating impactful job descriptions.

What is a Job Description (JD) for Business Continuity Planners

Job descriptions for Business Continuity Planners serve as a foundational tool for both hiring managers and potential candidates. A JD outlines the scope of the role, including responsibilities, required qualifications, and the expected impacts of the role on the organization. It provides clarity on the essential functions of the role, setting the stage for effective recruitment and onboarding processes.

Key Elements of a Good Job Description for Business Continuity Planners

When crafting a JD for a Business Continuity Planner, several key elements must be accorded due attention. These elements include a clear and concise job title, a comprehensive overview of the role, detailed responsibilities, required qualifications, and desired skills. A focused section on the company's culture and values further enhances the JD's appeal to potential candidates.

Use Lark to unleash your team productivity.

What Makes a Good JD for Business Continuity Planners

An exemplary JD for a Business Continuity Planner is characterized by its ability to effectively communicate the responsibilities, qualifications, and expectations for the role. It should reflect the organization's strategic goals, culture, and the significance of the position within the business continuity framework. Furthermore, a good JD emphasizes transparency, attracting candidates who resonate with the organization's mission and values.

Why Some JDs Are Bad for Business Continuity Planners

On the contrary, poorly constructed JDs fail to capture the essence of the Business Continuity Planner role, leading to misaligned expectations and potential mismatches between the candidate and the organization's needs. Lack of clarity, generic descriptions, and unrealistic requirements are common pitfalls that render JDs ineffective in attracting suitable candidates.

Employee reviews Template | Lark Templates

Learn more about Lark x Work

Job Description Examples for Business Continuity Planners

Objectives of the Role

Lead the development and maintenance of the Business Continuity and Disaster Recovery Program.

Develop and implement strategies to ensure business resilience in the face of potential disruptions.

Responsibilities

Oversee the identification, analysis, and response to potential risks and business impacts.

Collaborate with cross-functional teams to develop and implement business continuity plans and procedures.

Required Skills and Qualifications

Bachelor's degree in Business Administration or related field.

Certification in Business Continuity Planning (CBCP) preferred.

Proficiency in risk assessment and crisis management.

Preferred Skills and Qualifications

Master's degree in Business Continuity Management.

Experience with business impact analysis and recovery strategies.

Establish and maintain the organization's business continuity framework.

Drive the development and testing of continuity and recovery plans.

Conduct business impact analyses and risk assessments.

Provide guidance and support for business units in plan development and maintenance.

Certified Business Continuity Professional (CBCP) accreditation.

In-depth knowledge of regulatory requirements related to Business Continuity Planning.

Advanced certification in Business Continuity Management.

Proficiency in conducting business impact analyses.

Ensure the readiness of the organization to respond to and recover from significant disruptions.

Conduct continuous assessments to identify vulnerabilities and improve resilience.

Develop and maintain business continuity and crisis management plans.

Direct and coordinate recovery efforts during emergency situations.

Strong understanding of risk management principles.

Experience in developing and implementing business continuity and disaster recovery plans.

Professional certification in Business Continuity Planning.

Proficiency in business impact analysis and risk assessment methodologies.

Supervise the development and maintenance of business continuity and incident response plans.

Provide guidance and support to business units in implementing and testing continuity measures.

Lead the coordination of business continuity exercises and simulations.

Collaborate with stakeholders to mitigate potential business disruptions.

Bachelor's degree in Business Administration, Emergency Management, or related field.

Certification in Business Continuity Planning or equivalent experience.

Extensive experience in crisis and continuity management.

Develop and maintain the organization's business continuity strategies and response plans.

Facilitate the execution and testing of business continuity and disaster recovery plans.

Conduct recurring assessments of business continuity and disaster recovery preparedness.

Coordinate recovery efforts and continuous improvement of business resilience capabilities.

Certified Business Continuity Professional (CBCP) designation or equivalent.

Proficiency in risk assessment and incident management.

Additional certification in Disaster Recovery or Crisis Management.

Extensive experience in developing and executing business continuity plans.

Business Continuity Planners Roles in Demand

The role of Business Continuity Planner has witnessed a shift in recent years, with organizations seeking professionals who can steer the business through unprecedented disruptions and mitigate potential risks effectively. As a result, JDs for Business Continuity Planners are increasingly emphasizing innovation, adaptability, and the ability to navigate complex business environments.

Variations in Business Continuity Planners JDs Across Industries

While the fundamental principles of Business Continuity Planning remain consistent, JDs for Business Continuity Planners may exhibit variations across different industries. For instance, the financial sector may prioritize compliance and regulatory expertise, while technology-driven companies may emphasize IT resilience and data protection capabilities in their JDs.

Dos and Don'ts for Writing Effective JDs for Business Continuity Planners

Creating impactful JDs for Business Continuity Planners entails adherence to certain best practices and the avoidance of common pitfalls.

Step-by-Step Guide to Write JDs for Business Continuity Planners

Understanding the Organizational Needs

• Collaborate with key stakeholders to comprehend the organization's business continuity objectives and specific role requirements.
• Analyze current business continuity frameworks and identify areas where additional expertise is required.

Conducting a Thorough Job Analysis

• Gather insights from existing Business Continuity Planners to understand the practical aspects of the role.
• Identify critical success factors for the role based on business continuity challenges and opportunities.

Crafting Clear and Concise Job Descriptions

• Draft a comprehensive outline covering the objectives, responsibilities, qualifications, and expectations for the Business Continuity Planner role.
• Ensure that the JD is articulated in a clear and engaging manner to attract suitable candidates.

Reviewing and Refining the JD Content

• Collaborate with HR and other relevant departments to review the drafted JD and incorporate constructive feedback.
• Refine the language and structure of the JD to ensure coherence and coherence.

Presenting the JD Effectively

• Utilize engaging and descriptive language to articulate the value proposition of the role.
• Leverage the organization's brand identity and values to emphasize the cultural fit for potential candidates.

Crafting effective job descriptions for Business Continuity Planners is a critical aspect of talent acquisition and organizational resilience. By adhering to the best practices outlined in this article and leveraging impactful examples, organizations can attract top-tier professionals who can fortify their business continuity efforts.

Can a single JD be effective for different roles within Business Continuity Planning?

A single JD can be effective for roles with similar core responsibilities; however, it should be tailored to specific nuances of each position to ensure it accurately represents the expectations and requirements.

How often should JDs for Business Continuity Planners be updated?

JDs for Business Continuity Planners should be regularly reviewed and updated to align with evolving business needs and industry standards, typically at six-month to one-year intervals.

What should be the ideal length of a well-written JD for Business Continuity Planners?

An ideal JD should be concise and informative, typically ranging between 500 to 800 words, ensuring that it comprehensively outlines the role without overwhelming potential candidates.

How can organizations measure the effectiveness of their JDs in attracting suitable candidates?

Organizations can measure the effectiveness of their JDs by monitoring the volume and quality of applicants, tracking the retention rates of hired candidates, and seeking feedback from new hires regarding their perception of the JD's accuracy and transparency.

Are there any specific legal considerations to keep in mind when drafting JDs for Business Continuity Planners?

When drafting JDs for Business Continuity Planners, organizations must ensure compliance with applicable labor laws, non-discrimination regulations, and data privacy requirements to create equitable and legally sound job descriptions.

Lark, bringing it all together

All your team need is Lark

Explore More in Job Description Examples

An official website of the United States government

Here’s how you know

Official websites use .gov A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS A lock ( Lock A locked padlock ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Business Continuity Planning

Organize a business continuity team and compile a  business continuity plan  to manage a business disruption. Learn more about how to put together and test a business continuity plan with the videos below.

Business Continuity Plan Supporting Resources

• Business Continuity Plan Situation Manual
• Business Continuity Plan Test Exercise Planner Instructions
• Business Continuity Plan Test Facilitator and Evaluator Handbook

Business Continuity Training Videos

The Business Continuity Planning Suite is no longer supported or available for download.

Business Continuity Training Introduction

An overview of the concepts detailed within this training. Also, included is a humorous, short video that introduces viewers to the concept of business continuity planning and highlights the benefits of having a plan. Two men in an elevator experience a spectrum of disasters from a loss of power, to rain, fire, and a human threat. One man is prepared for each disaster and the other is not.

View on YouTube

Business Continuity Training Part 1: What is Business Continuity Planning?

An explanation of what business continuity planning means and what it entails to create a business continuity plan. This segment also incorporates an interview with a company that has successfully implemented a business continuity plan and includes a discussion about what business continuity planning means to them.

Business Continuity Training Part 2: Why is Business Continuity Planning Important?

An examination of the value a business continuity plan can bring to an organization. This segment also incorporates an interview with a company that has successfully implemented a business continuity plan and includes a discussion about how business continuity planning has been valuable to them.

Business Continuity Training Part 3: What's the Business Continuity Planning Process?

An overview of the business continuity planning process. This segment also incorporates an interview with a company about its process of successfully implementing a business continuity plan.

Business Continuity Training Part 3: Planning Process Step 1

The first of six steps addressed in this Business Continuity Training, which detail the process of building a business continuity plan. This step addresses how organizations should “prepare” to create a business continuity plan.

Business Continuity Training Part 3: Planning Process Step 2

The second of six steps addressed in this Business Continuity Training, which detail the process of building a business continuity plan. This step addresses how organizations should “define” their business continuity plan objectives.

Business Continuity Training Part 3: Planning Process Step 3

The third of six steps addressed in this Business Continuity Training, which detail the process of building a business continuity plan. This step addresses how organizations should “identify” and prioritize potential risks and impacts.

Business Continuity Training Part 3: Planning Process Step 4

The fourth of six steps addressed in this Business Continuity Training, which detail the process of building a business continuity plan. This step addresses how organizations should “develop” business continuity strategies.

Business Continuity Training Part 3: Planning Process Step 5

The fifth of six steps addressed in this Business Continuity Training, which detail the process of building a business continuity plan. This step addresses how organizations should define their “teams” and tasks.

Business Continuity Training Part 3: Planning Process Step 6

The sixth of six steps addressed in this Business Continuity Training, which detail the process of building a business continuity plan. This step addresses how organizations should “test” their business continuity plans. View on YouTube

Last Updated: 12/21/2023

Return to top

• Book a Speaker

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Vivamus convallis sem tellus, vitae egestas felis vestibule ut.

Error message details.

Reuse Permissions

Request permission to republish or redistribute SHRM content and materials.

Business Continuity Manager

Job summary:.

The Business Continuity Manager will collaborate with department directors and the executive team to develop and implement plans to anticipate, address, and mitigate the effects of various business interruptions.

Supervisory Responsibilities:

Duties/responsibilities:.

• Develops and maintains a business recovery plan and procedure; reviews, revises, and expands existing plans and protocols.
• Conducts risk assessments for various departments and functions, analyzing potential business impact of unpredictable business interruptions such as natural disasters, security breach, legal claims, and market disruptions.
• Collaborates with IT staff to develop and implement best practices to protect and restore data and systems in the event of natural disasters, viruses, and hackers.
• Identifies and implements recovery operations and methods to allow the company to function at limited or partial capacity in the event that part or all of the infrastructure is damaged or destroyed.
• Creates and facilitates practice drills for plan execution.
• Develops and provides staff training on risk management and disaster recovery.
• Works with health, safety, and security staff and local, state, and federal agencies to align the organizations emergency management plan with established best practices and community standards.
• Performs other related duties as assigned.

Required Skills/Abilities:

• Thorough understanding of risk management.
• Excellent strategic, problem solving, and analytical skills.
• Ability to think through hypothetical situations and concepts and to identify risks and weaknesses in various business processes.
• Ability to collaborate with others to develop an emergency plan.
• Excellent communication skills.
• Proficient with Microsoft Office Suite or related software.

Education and Experience:

• Bachelors degree in Business Administration, Finance, or similar field required; Masters degree preferred.
• Minimum of five years of management experience with at least two years in a risk management position required.

Physical Requirements:

• Prolonged periods sitting at a desk and working on a computer.
• Must be able to lift up to 15 pounds at times.

Related Content

Rising Demand for Workforce AI Skills Leads to Calls for Upskilling

As artificial intelligence technology continues to develop, the demand for workers with the ability to work alongside and manage AI systems will increase. This means that workers who are not able to adapt and learn these new skills will be left behind in the job market.

Employers Want New Grads with AI Experience, Knowledge

A vast majority of U.S. professionals say students entering the workforce should have experience using AI and be prepared to use it in the workplace, and they expect higher education to play a critical role in that preparation.

Advertisement

Artificial Intelligence in the Workplace

​An organization run by AI is not a futuristic concept. Such technology is already a part of many workplaces and will continue to shape the labor market and HR. Here's how employers and employees can successfully manage generative AI and other AI-powered systems.

HR Daily Newsletter

New, trends and analysis, as well as breaking news alerts, to help HR professionals do their jobs better each business day.

Success title

Success caption

Resume Builder

• Resume Experts
• Search Jobs
• Search for Talent
• Employer Branding
• Outplacement

Business Continuity Job Description

Business continuity duties & responsibilities.

To write an effective business continuity job description, begin by listing detailed duties, responsibilities and expectations. We have included business continuity job description templates that you can modify and use.

Sample responsibilities for this position include:

Business Continuity Qualifications

Qualifications for a job description may include education, certification, and experience.

Licensing or Certifications for Business Continuity

List any licenses or certifications required by the position: CBCP, MBCP, BCI, PMP, DRII, MBCI, AMBCI, SANS, BCCM, BC

Education for Business Continuity

Typically a job would require a certain level of education.

Employers hiring for the business continuity job most commonly would prefer for their future employee to have a relevant degree such as Bachelor's and Collage Degree in Business, Education, Management, Computer Science, Emergency Management, Business/Administration, Military, Finance, Information Technology, Technology

Skills for Business Continuity

Desired skills for business continuity include:

Desired experience for business continuity includes:

Business Continuity Examples

• Microsoft Word (.docx) .DOCX
• PDF Document (.pdf) .PDF
• Image File (.png) .PNG
• Initiate and manage updates to planning documentation and maintain appropriate tracking mechanisms
• Coordinate and facilitate monthly/bimonthly meetings focused on BC concerns
• Participate in preparation of annual regulatory filings
• Create and execute project plans based on BCP strategy and goals
• Responsible for material changes to business continuity plans as the needs of the business change between scheduled updates
• Responsible for the delivery and management of all disaster recovery tests
• Provide oversight and feedback on enterprise DR program via participation in DR tests and related activities
• Assist IT Dept in the maintenance of the DR hot site
• Document and address deficiencies
• Introduce BC Program to new hires via BC presentation
• Maintain current content on BC webpage
• Create content for quarterly BC Manager newsletter
• Identify and recommend opportunities to advance business continuity strategy and organization
• Provide managerial support to the MRT as directed
• Participate in required response on incident or recovery situation
• Stay current with business continuity trends
• Overall Business Continuity Program Support, including maintaining BCP and Pandemic websites, procedure revisions, end user support, awareness training
• Perform and evaluate business impact analyses and risk assessments
• Perform all departmental administrative activities
• Lead BIA and RA process for all Business Units (BUs) and Shared Service Units (SSUs)
• Proactively identify and implement BCP program and process improvements
• Ensure that IT DR applications have a fully documented, tested, and executable plan that contains all the required information, reflect current conditions from an IT infrastructure recovery standpoint, and able to support the recovery objective of the organization
• Design, coordinate and execute BCP/DR annual test exercises for critical busines processes, and produce test reports including lessons learned
• Develop recovery priorities, timelines, and strategies for proper sequence of recovery components
• Provide guidance to management in self-assessing their control environment
• Assist Crisis Management/Incident Management teams during service disruption events, and contribute to process improvement intiatives
• Strong written and verbal communication skills with a focus on clear, concise business communication
• Comfortable interacting with colleagues at every level of seniority, leveraging soft skills to ensure that each person completes their testing, training, review and administration assignments on a timely basis
• Knowledge of industry best practice BS 25999 and/or BS25777, FFIEC standards for Business and IT Service Continuity
• Requires a Bachelor’s degree in business, finance, or related field, and some experience in business resumption planning or directly related experience
• Basic knowledge of business continuity plans, concepts, methodology and regulatory requirements
• Good analytical, leadership, organizational, verbal, and written communication skills with the ability to interact with all management/non-management levels
• Ensure all Business Continuity coordinators are adequately trained to fulfill their responsibilities and that they are familiar with the relevant provisions of the Business Continuity plans
• Work with the business units regarding disaster recovery/business continuity needs and ensure integration of concepts/design for existing/new hardware, software, applications, and processes critical to services
• Provide 24×7 support for any emergency which may require activation of all or part of Business Continuity plans
• Liaison with industry and governmental stakeholders
• Evolve the business continuity program for the organization and direct the implementation and monitoring of business continuity standards and policies
• Provide guidance to executive leadership within the organization by recommending business continuity investments which mitigate risks, strengthen resilience, and reduce vulnerabilities for development, internal and client facing systems, services and products
• Actively engage with the business, provide effective challenge where gaps in resilience and continuity are addressed in a timely and risk-based manner
• Partner with the CRO and CSO in all business continuity and crisis management related interactions and reporting to the Board of Directors and the firm’s regulators (SEC, CFTC and Federal Reserve)
• Cybersecurity (threat and incident management)
• Information Security (security operations, access management)
• Minimum four years of experience designing, implementing and/or auditing regulated control functions
• Registration as a FINRA Operations Principal or Registered Representative, or pass Series 99 or Series 7 exam within 3 months of hire
• Leadership ability to influence others to achieve desired goals/results
• Must have knowledge of PC applications
• Degree holder in business/IT related disciplines
• Minimum 5 years of practical Operational Risk Management or BCP experience with working knowledge of key functional processes and resources of a bank
• Trains the corporate employees on best BC practices in accordance with the DRII, BCI, ISO22301, and FFIEC standards
• Applications Security (secure architecture and development)
• Physical Building and Data Center Security
• Business Continuity and Crisis Management Planning
• Administer the mass notification system, developing notification teams, scenarios, while ensuring data accuracy and conducting ongoing system wide tests
• Drive the strategy to develop, implement and maintain enterprise-level business continuity strategies and plans
• Support Risk Management disciplines including the Business Continuity Program
• Coordinate with Site and Process BCM Managers and take the BCM readiness / preparedness status at each site and process
• Coordinate with LMS team in the BCM awareness training programs
• BCM team site (portal) maintenance, updating (as required)
• Certified Business Continuity Planner qualification preferred
• Very strong verbal, written, and presentation skills
• Must be able to interact and work efficiently and effectively with employees across the organization
• Must be a productive team player and must also be comfortable working independently, with little direct supervision
• Organize and coordinate disaster simulations
• Bachelor’s degree in Business, Finance or Risk related area required
• Participating in Business Continuity Duty Manager Rota for shifts
• Interfaces with MIS for the development of reporting platforms and system connectivity
• Interface with other risk departments to coordinate KRI reporting and ensure consistency in message
• Develop and implement Technology Disaster Recovery procedures, plans, and technology inventory governing the technology including remote capabilities, drop ship, and technology partner (Produban) recovery capabilities
• Responsible for insuring that Business and Regulatory Requirements are adhered to and that implemented recovery procedures associated with our Produban partner
• Work with the second line of defense teammates to assure that dependencies are identified and documented
• Create, manage and develop the Disaster Recovery Management policies, standards and guidelines in line with the Enterprise BCM Framework
• Assist in preparation of required reports to
• Responsible for the development, production and updating T&O Disaster Recovery Management materials and documentation (e.g., plans, emergency response procedures, call lists, test results, ) in support of the Enterprise BCM program
• Work closely with the second line of defense in the development and implementation ongoing Disaster Recovery Management planning efforts to identify potential Business and Technology Interruptions, develop safeguards against these interruptions, and implement solutions
• Good understanding of Application/System architectures to implement solutions to maximize data availability
• Experience with creating, presenting, and deploying enterprise business disaster recovery and contingency plans
• Experience with monitoring High Availability programs including audit and regulatory compliance
• Ability to maintain confidentiality and treat sensitive information with discretion
• Proficient in Microsoft Office suite of applications (Word, Excel, PowerPoint, SharePoint)
• Role requires flexibility, willingness, and ability to travel (approximately 10%)

Related Job Descriptions

Create a Resume in Minutes with Professional Resume Templates

I am an Employer

I am a candidate.

An IT business continuity plan: Why you need one and what it entails

Business continuity and disaster recovery plans ( BCDR ) are organization-wide plans to help prepare your business for a wide range of potential crises and to mitigate the impact of such events.

Threats to your business can take various forms—from global pandemics that disrupt supply chains to natural disasters that threaten your physical workspace. However, as businesses rely increasingly on various systems to manage core operations and house crucial information, including customer, employee, and financial data, threats to IT systems loom largest for many business owners.

That’s where your IT business continuity planning comes in. This may be part of a larger business continuity plan or may be conducted in isolation if IT is the sole concern of your business continuity management.

A deeper dive into business continuity planning

When an event disrupts your business’s operations, a business continuity and disaster recovery plan (BCDR) comes into action. Downtime can lead to financial losses for companies, so minimizing its impact is crucial to ensure prompt business recovery and minimize revenue loss.

Although disaster recovery is a critical function of IT systems, BCDR is much broader than merely ensuring the stability and security of your tech stack. It encompasses various aspects, such as ensuring employee safety, managing brand reputation, crisis management, identifying alternative work locations, and ensuring systems security and data protection.

Therefore, developing a comprehensive b usiness continuity and disaster recovery plan requires thoroughness. While it may not be possible to predict every potential disaster that could befall your business, you can develop fallback plans to utilize when disasters inevitably occur.

Threats to your IT systems

When you think of your IT systems, it’s natural to think of things like cyberattacks or systems downtime as posing potential threats to your business continuity. However, IT systems can face various threats that can cause significant damage and disrupt business operations. These threats include:

• Natural disasters , such as hurricanes, floods, earthquakes, wildfires, and tornadoes, which can damage physical infrastructure (like servers) and cause business disruptions.
• Cyberattacks and data breaches , which can result in data loss, system downtime, reputational damage, financial losses, regulatory fines, and legal liability. These attacks are becoming more sophisticated and frequent, and companies must take necessary precautions to secure their systems and data.
• Human errors made by employees, contractors, or vendors can also lead to system failures, data breaches, or other disruptions to business operations. Companies must invest in training and implementing proper protocols to mitigate such risks.
• Power outages can result in system downtime and data loss. Companies must implement backup power systems and disaster recovery plans to minimize the impact of such events.

It’s important for your organization to identify the specific threats that are most relevant to their business and to develop appropriate plans and strategies to mitigate those risks.

Where to start when developing an IT business continuity plan (BCP)

Most good plans start with information-gathering, and your IT business continuity plans are no different. The components of gathering the right information are outlined here:

Business continuity management (BCM)

Business continuity management (BCM) is the process of identifying potential threats and risks to an organization, developing plans to mitigate those risks, and ensuring that the organization is prepared to respond effectively to a crisis or disruption. 

The goal of BCM is to enable an organization to continue its critical operations during and after a catastrophic event, whether that event is a natural disaster, cyber-attack, or any other unexpected occurrence that could impact the organization’s ability to function.

The role of a Business Impact Analysis (BIA) in business continuity management 

A business impact analysis (BIA) is a key component of your business continuity management or BCM process. The BIA identifies and evaluates the potential impact of a disruption on critical IT functions and business processes.

When doing a BIA, you’ll:

• Identify the essential IT functions and processes your business needs to restore quickly after a disruption. For example, if you’re an e-commerce business, your website and payment processing systems are critical IT functions that need to be restored quickly to avoid losing revenue and customers.
• Assess and quantify the potential impacts of a disruption on each function or process. These impacts can range from shipping delays to customers to regulatory non-compliance. By understanding the potential impacts, you’ll be able to prioritize your disaster recovery efforts and allocate resources effectively.
• Understand the resources required to support each IT function or process. This can include personnel, technology, and facilities. This can help you identify single points of failure, such as only one person who knows how to operate a certain system. If that person is unavailable, it could result in significant downtime and lost revenue.

By conducting a BIA, you can develop targeted and effective recovery strategies that minimize the impact of a disruption on your IT systems. It’s recommended that organizations conduct a BIA at least once a year or whenever there are significant changes to the organization’s operations or risk profile.

How your IT business continuity plan comes to life

As business continuity and disaster recovery are interdependent, there is a significant overlap in devising an IT disaster recovery (DR) plan and an IT business continuity (BC) plan. As such, we like to consider all three branches of BCDR when developing an effective business continuity plan. Those three branches are:

• Emergency response: This branch of business continuity focuses on the immediate response to a crisis or emergency situation. Think of it as the immediate “to-do plan” if there’s a natural disaster, cyber-attack, or any other unexpected event that can disrupt business operations.
• Crisis management & business continuity: Crisis management deals with the restoration of critical business functions after an interruption, including the recovery of data, systems, and operations. The objective is to ensure that business operations can be resumed as quickly as possible and minimize the impact of the disruption.
• Disaster recovery: Time to recover critical business functions! Whether you’re rebuilding infrastructure, replacing equipment, or upgrading systems, this stage is about getting your business back to where it was. This branch also focuses on the proactive measures that organizations can take to mitigate the impact of another potential disaster or crisis.

For each IT function, you should have a plan in place that covers all three branches. Let’s look at an example:

Example: A power outage impacts critical IT systems

Power outages or blackouts can happen for a number of reasons, but if your business is located in a region that is prone to volatile weather or extreme heat, power outages are something you should prepare for well in advance. If and when a power outage occurs, you might have the following steps in place:

Your emergency response to a power outage: 

With the correct procedures and training in place, your team will know exactly how to respond the next time there’s a blackout. This might include:

• Using personal wireless hotspots for urgent tasks that require web access
• Unplugging devices from power sources so they don’t short circuit when power returns
• Reporting the outage to the relevant authorities 
• Seeking to understand the extent of the problem (often this can be found on websites or through social media accounts of power companies)
• Notifying key people (customers/leaders) about the situation (this can even be done through social media

Roles and responsibilities will also be clear so people do not duplicate efforts or create confusion.

Crisis management & business continuity: 

Now that initial steps and actions have been taken, you can move to actively manage your business while the power is out. Actions taken now will depend on the duration of the power outage, but some options include:

• Sending employees home if it’s easier for them to simply work from home or it looks like the outage may impact the rest of the business day
• Investing in a backup generator if the power will be out for a prolonged period (this might also be part of disaster recovery if it’s a proactive step to be taken for next time)
• Continuing to keep customers and stakeholders up to date via essential channels like social media, email, and even phone

Disaster recovery from power outages: 

Hooray! The power is restored. Your office can now return to normal productivity. But before everybody jumps in, your tech team might want to:

• Reset the circuit breaker before turning on devices and network routers
• Confirm any steps for restarting systems that have not been shut down properly

Having survived an outage, your business might now reassess your preparedness for such events and decide to implement some changes. This can include things like:

• Setting up an uninterruptible power supply (UPS) to allow people to safely shut down their computers
• Ensuring all staff members store all business documents, contact lists, and other critical information in the cloud so it’s accessible from anywhere with an internet connection

Who’s responsible for your IT business continuity plan

Going through each and every IT system, from hardware to software, that your company uses may seem like a daunting task. That responsibility typically falls on the organization’s IT department or a designated IT team. 

However, depending on the organization’s size and structure, the responsibility for a successful business continuity plan may also fall on other departments or individuals, such as risk management, operations, human resources, or a business continuity team.

Moreover, your IT team will likely depend on all staff and even business partners for inputs on the nature of certain systems, how essential they are to maintaining business operations, and the revenue implications of those systems being down.

For example, your marketing team may use various systems for email deployment, social media monitoring, content production, and more. As such, your IT team may require information from them on which systems you use that are most critical to maintaining productivity and which systems are most closely tied to revenue.

The importance of staff training

Because human error puts your IT systems at risk, all staff should also be required to undergo annual training on data security and emergency procedures. Depending on the compliance frameworks your company adheres to, certification may also be required for all employees. 

For example, if your company processes credit card information, it may be required for all employees to complete PCI compliance training. PCI compliance training refers to a program or series of courses designed to educate individuals and organizations on the Payment Card Industry Data Security Standards (PCI DSS) and the requirements for complying with these standards. 

PCI DSS is a set of security standards developed by major credit card companies to help ensure that businesses that accept, process, store, or transmit credit card information do so in a secure manner and protect against fraud and data breaches.

The importance of testing & iterating your IT business continuity plans

Just like running regular fire drills, your IT business continuity plan needs to be constantly tested and updated. Plus, every time you do a new business impact analysis (or BIA), you’ll potentially identify new areas of vulnerability that your BCDR needs to account for.

Here are some steps to follow when testing your BCDR plan:

• Define the testing objectives: Defining the objectives of the test can include testing the effectiveness of specific recovery procedures, identifying weaknesses in the plan, or assessing the readiness of key personnel.
• Develop a testing strategy: A testing strategy will outline the scope of the test, the testing approach, and the expected outcomes. This should include a detailed test plan that identifies the testing scenarios, the resources needed to conduct the test, and the criteria for success.
• Conduct the test: Run the test according to the testing plan. This may involve simulating a disaster scenario, testing specific recovery procedures, or conducting a tabletop exercise to test the response of key personnel.
• Evaluate the results: This may involve reviewing the test data, conducting post-test interviews with key personnel, or analyzing the effectiveness of specific recovery procedures.
• Improve: Based on your results, improvements to the BCDR plan may be identified and implemented. These may include revising specific recovery procedures, updating the contact list for key personnel, or investing in additional resources to improve the organization’s overall readiness for a disaster.

Need help? Working with the experts at Thoropass can help you build the foundations for a resilient business that stands the test of time.

Get the Guide

Founder’s Guide to Security and Compliance

Take security one step further, find out which frameworks are best for your business.

Share this post with your network:

Related Posts

Mastering pci self-assessment: essential tips, your essential guide to managing a gdpr data breach, stay connected.

Subscribe to receive new blog articles and updates from Thoropass in your inbox.

Help Thoropass ensure that compliance never gets in the way of innovation.

Drop us a line and we’ll be in touch.